BWise is an Governance, Risk Management, and Compliance (GRC) platform formerly owned and supported by Nasdaq, acquired by SAI Global in April 2019.
N/A
SAP Access Control
Score 7.8 out of 10
N/A
SAP Access control streamlines the process of managing and validating user access to applications and data with minimal support from IT, with the goal of giving employees the applications and services they need without exposing data and processes to unauthorized use.
Well suited for general compliance, multiple initiatives, and integration with TeamMate. SAP GRC Process control may be better suited for an SAP environment. Oracle GRC may be better suited for an Oracle environment. Overall, BWise is a very cost effective, and flexible solution.
Appropriate for SAP hrs hierarchy integration and can have multiple hierarchies of org structures adopted as alternative workflow support. Cons of access control are the logs of firefighter usage are still limited in depth and does not evolve to adop more cloud products which are coming at a plaster pace than the ac product as such.
Great reporting tool (uses SAP Business Objects). It is quite flexible on types of reports that can be created and supported. Also the reporting consultants are very competent and nice.
Highly customizable solution: almost everything can be tailored to an organization's needs, assessments, audits, issues, recommendations, tasks, etc. However, there's a trade-off between customization and the integration of different areas of the organization.
Increases visibility and efficiency in the organization. BWise offers centralized repositories (catalogs) that can be easily accessed and used by everyone in the organization (e.g. Process catalog, Policies and Procedures catalog, Risks, Controls, Laws catalogs, etc.). Also, the application allows findings on controls tested by Audit to be automatically reflected in controls monitored by SOX for example, without the need for SOX to retest them. So one area can leverage on the work of other areas increasing operational efficiency.
Increases integration and avoids silos. By choosing the correct design (e.g. Risk Workshops instead of Open Assessments), one area can see and benefit from another areas' work. An example was mentioned above; another would be Operational Risk area considering the results of Business Continuity, Vendor Management, Info Security, etc. assessments when carrying out theirs. Additionally, processes can be integrated: when contracting a new vendor for instance, one can include questions about data confidentiality and usage of models in the Vendor risk assessment. Answers to these could then trigger Info Sec / Model Risk assessments.
Increases accountability. Application provides full audit/change log with the type of change, name of executor, and date of change.
Easier follow-up. BWise sends automatic emails with reminders to the people required to take action on an issue, assessment, etc.
SAP Access Control ensures that our services are accessed by the right users since it send me alerts when an employee tries to access any application. That way, I am able to either authorize or cancel the request to safeguard of company data.
With SAP Access Control, it is easy to automate and monitor how our team access services and applications. SAP Access Control has an automatic feature that notifies me when employees access applications and services and the issues they are encountering.
In addition, SAP Access Control add security on employees login to ensure that their data on the applications are encrypted to never leak to cyber attackers.
This is a great tool for a medium to large sized company. SAP Access Control requires a great deal of SAP knowledge to use, but it is certainly information that can be learned. Their customer support is wonderful and easy to work with. The overall usability is great. I greatly recommend this software.
This product fulfills all our requirements. We can use this for user management, role management, risk analysis, business role management, workflow management. Initial configuration takes a lot of effort. Otherwise it's a great product for the end user. SAP Access Control tool performance needs improvement, sometimes it slows down the processing time for requests.
Wasn't personally involved in the vendor selection process. I am aware that one of the main drivers for selecting BWise was cost (I believe BWise total project cost was several times lower than MetricStream's).
Pricing was higher for the cloud version of the BTP service - IAG. SAP Access Control pretty much facilitates everything we are looking for as an enterprise with an efficient dollar cost ROI for the services we are looking for. Also, there were many features on the cloud version which came bundled with the license and we had to pay for them even though we did not actually use these products.
Reducing risk of fraud. Implementing SAP Access Control allows analysis of every role assigned to a job on the organization. Through this analysis, weakness on roles are detected, corrected and monitored. As the users feel the change, they also feel that they are being monitored, preventing any intent to use his position and privileges to take personal advantage. So a major impact to organizations is to reduce the financial lost due to frauds.
Reducing cost for monitoring. Another positive impact is lowering the cost of monitoring. This is twofold: First, a rather small team can manage access management. Second, through the use of SAP Access Control the complete universe of roles and users can be monitored without increasing the cost for the continuous monitoring.
During transactions. The use of SAP Access Controls allows detection of transactions that, from an information security point of view, require some redesign. When SAP GCR is implemented, you make some discoveries such as: obsolete transactions, transactions with no authorization objects and the like. The transactions with these problems can be left out of the active roles, waiting for remediation of the issues found.
